Gregory's ServerSo #iOS apps need to have a privacy policy, that is to say, even while all Mastodon servers have each their own privacy policy, the app also needs a separate privacy policy. The question I have is, what do I write in it if the app doesn't itself store any data, it connects to a server of the user's choosing, like a browser...
 26 comments
 @Gargron You record just what data your app keeps. Presumably you have a server list and logins. Do you cache anything? Report that. @mdhughes Hm. It connects to the public api.joinmastodon.org to get the list of servers, anonymously. Any cache is local within the phone.  Eugen, also what sends push (APNS) notifications? Or does each instance handle that on its own? @grishka There's a relay Web Push to APN server that sees device tokens (not sure how much of a PII this is), but does not see notification contents as they are encrypted @grishka Documentation says the device token is unique both to the device and the app, that means the device token should not be usable for identifying a user... I think @Gargron Afaik, unless if you’re tying the device token to the user on the server, or you have some way to identify the user who’s using the app, device token + app doesn’t really tell you who the user is. At least for Firebase, if the user logs out and logs into another account, the 2 accounts might even use the same device token.
[DATA EXPUNGED]
@Gargron I think you may still have a privacy policy, even if Apple or governments don't require it since you can inject code to extract private information. Explicitly stating you don't do that would help users. @Gargron This is exactly the problem that got one or more Android clients pulled down from the Play store. Frustrating as hell that these companies seem unable to understand "the app developer does not control the server."  @Gargron for Metatext I used a privacy policy termly.io to generate this, you may be able to remove some stuff because I made it cover CLA submissions: https://metabolist.org/privacy-policy I also have a really long explanation in the notes for reviewers explaining that each instance has its own terms of service and privacy policy @jzzocc I actually checked your app on the App Store and it links to a different page than this one @Gargron that’s the page you see if you click the “View Metabolist’s full privacy policy” link on the page that’s linked on the App Store  @Gargron  @Gargron But I'm so not an expert at that. Btw, when will this be ready? Would this mean that when I select a foto from my phone and go to choose what to do with it, Mastodon will show up as one of the choices? Right now, it doesn't; if I want to toot a foto, I have to go into Amaroq.  |
@Gargron hey @drewfitz have any insights on this?